php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60798 Regression: uninitialized memory in openssl_encrypt() with zero-length $data
Submitted: 2012-01-19 03:08 UTC Modified: 2013-10-15 11:54 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: ktk at enterprise dot bidmc dot harvard dot edu Assigned: scottmac (profile)
Status: No Feedback Package: OpenSSL related
PHP Version: 5.3.9 OS: Slackware x86_64
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ktk at enterprise dot bidmc dot harvard dot edu
New email:
PHP Version: OS:

 

 [2012-01-19 03:08 UTC] ktk at enterprise dot bidmc dot harvard dot edu
Description:
------------
A regression was introduced in php 5.3.9 to the file ext/openssl/openssl.c which causes openssl_encrypt("", "aes-128-cbc", "password") to use uninitialized memory when calling the underlying AES_cbc_encrypt() whenever the length of the $data argument is zero.  This results in either a corrupted return value, or a segmentation fault, depending upon what exists in php's memory heap.

I bisected the code difference between php 5.3.8 and 5.3.9 and have attached the errant patch to this bug report.

The problem patch introduces the following code, which for reasons unknown fails to call the update function whenever the length of the data argument is zero:
-       EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, ...);
+       if (data_len > 0) {
+               EVP_EncryptUpdate(&cipher_ctx, outbuf, &i, ...);
+       }

Reverting the attached patch fixes the problem for me.

I'm seeing this problem on both x86_64 (64 bit) and i686 (32 bit) processor architectures.  OS is Slackware in both cases, with php linked against openssl version 1.0.0g (ditto for openssl 1.0.0e and 1.0.0f), glibc 2.14.1 and compiled with gcc 4.5.3.

The corruption/segfault occurs whether or not an initialization vector is passed to the function; the only requirement it seems is the zero-length data (ergo, the omission of the call to EVP_EncryptUpdate()).

Test script:
---------------
<?php
var_dump(openssl_encrypt("", "aes-128-cbc", "password",
                         false, str_repeat(chr(0), 16)));
$vec = str_repeat(chr(0), 16);
var_dump(openssl_encrypt("", "aes-128-cbc", "password",
                         false, $vec));
var_dump(openssl_encrypt("", "aes-128-cbc", "password"));

unset($vec);
$memory = "Let's use some memory!";
$vec = str_repeat(chr(0), 16);
var_dump(openssl_encrypt("", "aes-128-cbc", "password",
                         false, $vec));
?>

Expected result:
----------------
string(24) "xrQjTh0HCclFET5PKpYH9w=="
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in test.php on line 7
string(24) "xrQjTh0HCclFET5PKpYH9w=="
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Actual result:
--------------
GNU gdb (GDB) 7.2
Reading symbols from /usr/bin/php...done.
(gdb) set args test.php
(gdb) run
Starting program: /usr/bin/php test.php
[Thread debugging using libthread_db enabled]
string(24) "AMa0I04dBwnJRRE+TyqWB/c="
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in test.php on line 7
string(24) "xrQjTh0HCclFET5PKpYH9w=="

Program received signal SIGSEGV, Segmentation fault.
0xb767cb7c in AES_cbc_encrypt () from /lib/libcrypto.so.1
(gdb) 

Patches

problem-patch-in-5.3.9.diff (last revision 2012-01-19 03:09 UTC by ktk at enterprise dot bidmc dot harvard dot edu)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-22 19:41 UTC] rasmus@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: scottmac
 [2013-02-17 10:33 UTC] stas@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.4-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

Seems to work fine in 5.4.
 [2013-02-17 10:33 UTC] stas@php.net
-Status: Assigned +Status: Feedback
 [2013-10-15 11:54 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC